The application of Elliptic Curve Cryptosystem has gained more and more attention. ECC uses smaller key size and lower memory requirement to retain the security level and can be a crucial factor in the smart card system. In this paper, an ECC based implementation of security schemes in smart card system to access control the door of some confidential places is proposed. The confidential place, for example a coffer, a strong room in the bank is used to store treasures as well as cashes, and where the mutual vigilance could be required. For the safety consideration, the going in and out a coffer by a person is not permissive but a group of authorized people. It involves the problem of secret sharing. The adopted solution of sharing secret is threshold scheme. Every participant possesses a secret shadow, which will be saved in the smart card. After correct reconstructing the shared secrets, it is permissible to access the coffer's door. For resisting dishonest participants, cheating detection and cheater identification will be included. The user can change his password of smart card freely and need not memorize his assigned lengthy password and shadow as traditional ID-based schemes makes our implementation much more user friendly.

Some cryptographic schemes based on the bilinear pairings were proposed recently. In this paper, we apply the pairings on elliptic curve and Elliptic Curve Cryptography to the key agreement of dynamic peer group. Each member performs authentication and contributes a secret data to negotiate a group common key by means of a binary key tree. The proposed protocol does not need a dedicated central server to perform the key agreement, and the overhead is distributed among the group members. To provide a secure dynamic group communication, the key renewing mechanism has to be included. While the member joins/leaves, the group session key will be renewed to provide the backward/forward privacy, respectively. The key renewing is much efficient because it is only confined to the keys of the key-path. The proposed protocol is flexible while the change of membership is frequent.

In this letter, we indicate that a proposed user-friendly remote authentication scheme with smart card is insecure. The authentication scheme suffers from the replay attack. An adversity can eavesdrop valid authentication information from the communicating data, modify it, and impersonate the legitimate user to login the remote system. We also present a modified scheme to overcome this vulnerability and improve the robustness. In the modified scheme, the replay attack cannot work successfully. To crack the password from the communicating message is infeasible. Even if the password is compromised, the attacker still cannot pass the authentication and gain the authority of the legitimate user.